Security update for roundcubemail SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1945-1 Final 1 1 2015-11-03T16:27:43Z current 2015-11-03T16:27:43Z 2015-11-03T16:27:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for roundcubemail This update of roundcubemail fixes one security issue and one bug. - roundcubemail was updated to disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail previously allowed access to the roundcubemail/bin folder and possibly /logs, /config and /temp, if these were not symlinks (this is only the case when manually changed). This update comes with a fixed configuration. If you modified the file '/etc/apache2/conf.d/roundcubemail.conf', please replace it with the configuration 'roundcubemail.conf.rpmnew' and reapply your changes. After that, a restart of apache2 is requried. - This update also fixes an issue that causes apache2 not to start because 'mod_version.c' is not loaded. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00053.html E-Mail link for openSUSE-SU-2015:1945-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 roundcubemail-1.1.3-3.1 roundcubemail-1.1.3-3.1 as a component of openSUSE Leap 42.1